chore(deps): bump huggingface/doc-builder/.github/workflows/build_pr_documentation.yml from b0f9a6e3b6aa912656cbda9f74896eb721d29421 to bcff59fca682130d2e7271ca8589911b7ac0b8bf#785
Conversation
…documentation.yml Bumps [huggingface/doc-builder/.github/workflows/build_pr_documentation.yml](https://github.com/huggingface/doc-builder) from b0f9a6e3b6aa912656cbda9f74896eb721d29421 to bcff59fca682130d2e7271ca8589911b7ac0b8bf. - [Release notes](https://github.com/huggingface/doc-builder/releases) - [Commits](huggingface/doc-builder@b0f9a6e...bcff59f) --- updated-dependencies: - dependency-name: huggingface/doc-builder/.github/workflows/build_pr_documentation.yml dependency-version: bcff59fca682130d2e7271ca8589911b7ac0b8bf dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
Dependencies
github_actions
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review
Tier 1 — mechanical: PASS. Exactly one line changed: the SHA pin on uses: for huggingface/doc-builder/.github/workflows/build_pr_documentation.yml (b0f9a6e… → bcff59f…) in .github/workflows/build_pr_documentation.yml. The # main comment and the with/if blocks are untouched. Well-formed YAML.
Tier 2 — alignment: No concerns. SHA-pinning third-party reusable workflows is the correct supply-chain-safe pattern; this bump maintains it.
Approved.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (correctness): Clean one-line Dependabot bump — advances the huggingface/doc-builder reusable workflow build_pr_documentation.yml pin from b0f9a6e to bcff59f. Both are full 40-char SHAs, the # main tracking comment is preserved, and YAML structure is intact.
Tier 2 (alignment): No concerns. CI-only change; touches no environment code or architectural boundaries. SHA-pinning the doc-builder reusable workflows is the established convention (see .github/dependabot.yml).
Verdict: approve.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review (automated)
Tier 1 (bugs/lint): None. Single-line SHA pin bump for the reusable workflow huggingface/doc-builder/.github/workflows/build_pr_documentation.yml. Both SHAs are valid 40-char hashes and the # main comment remains accurate. Upstream change is a narrow doc-builder prerender bugfix.
Tier 2 (alignment): None. Touches only build_pr_documentation.yml — no impact on any OpenEnv principle or invariant.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (correctness): Single-line bump of the pinned huggingface/doc-builder commit SHA in .github/workflows/build_pr_documentation.yml (b0f9a6e… → bcff59f…). Both refs are well-formed 40-char SHA-1 hex; only the pin changed (with: inputs untouched). The trailing # main comment remains an accurate human-readable branch hint.
Tier 2 (alignment): CI-only; no source or invariant impact. Supply-chain posture stays correct — the reusable workflow remains pinned to a full commit SHA rather than a mutable tag/branch. Upstream commit is a low-risk prerender bugfix.
Verdict: approve.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review
Automated checks (changed files): Lint PASS (YAML only) | Debug code CLEAN
Tier 1 — bugs / correctness
None. Single-line SHA advancement of the huggingface/doc-builder reusable workflow (build_pr_documentation.yml): b0f9a6e3 → bcff59fc. The # main comment is preserved; all workflow inputs unchanged.
Tier 2 — alignment
None. CI-only change; no environment code, agent API, reward logic, or invariant touched. SHA-pinning third-party reusable workflows is the correct security posture; this just advances the pin.
Note: #782 / #784 / #785 all move to the same SHA (bcff59fc) and should land together for consistency.
Verdict: approve
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Routine Dependabot pinned-SHA bump for the HuggingFace doc-builder build_pr_documentation.yml reusable workflow. Single-line change to the uses: ref; both old and new refs are full 40-char commit SHAs pinned to main. No with:/secrets: blocks altered, no source or invariant impact.
Verdict: approve
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review
The diff is exactly what dependabot describes: a single-line update of the pinned SHA for the huggingface/doc-builder reusable build_pr_documentation.yml workflow (b0f9a6e → bcff59f). No other lines are touched; with: inputs are unchanged.
Tier 1: No issues. Tier 2: No concerns — CI-only change, outside the OpenEnv source tree, no invariant implications.
LGTM.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Alignment Review Report
Tier 1: Bugs / Lint
None. Mechanically correct single-line SHA pin update for the huggingface/doc-builder reusable workflow (build_pr_documentation.yml). The trailing # main comment is preserved and accurately documents that the pin tracks doc-builder's main branch.
Tier 2: Alignment
No OpenEnv principles or invariants are implicated — this is a CI-only change with no runtime impact on the framework, API surface, client/server boundary, or reward logic. Pinning by SHA while letting Dependabot keep it current is the intended supply-chain trade-off for a trusted upstream.
Verdict: approve — routine Dependabot SHA-pin maintenance.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Verdict: approve
Dependabot bump of the pinned huggingface/doc-builder reusable workflow (build_pr_documentation.yml) from b0f9a6e3… to bcff59fca… (both # main), in .github/workflows/build_pr_documentation.yml.
Tier 1
None. Single-line SHA replacement in YAML; no Python source affected.
Tier 2
- Supply-chain note (non-blocking): new SHA targets
mainof the third-party (HF-owned)doc-builderrepo; contents not inspectable without network access. Low risk — routine dependabot bump, HF provenance, and the same SHA is landing across sibling PRs #782/#784. Surfaced for awareness only.
Approve.
Automated review by Claude Code | Learn more
Darktex
left a comment
Darktex
left a comment
There was a problem hiding this comment.
Note: This is an automated review by Claude Code, not a human review.
Tier 1 (Bugs & Lint): Pinned workflow reference bumped to the new huggingface/doc-builder commit bcff59f; inputs/secrets unchanged. Mechanical and consistent with the sibling doc-builder workflow bumps in this batch.
Tier 2 (Alignment): None — CI/workflow maintenance only.
LGTM.
Automated review by Claude Code | Learn more
|
Rolled into #788 so maintainers can review and merge the non-env Dependabot updates together. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/github_actions/huggingface/doc-builder/dot-github/workflows/build_pr_documentation.yml-bcff59fca682130d2e7271ca8589911b7ac0b8bf
branch
2 participants
Bumps huggingface/doc-builder/.github/workflows/build_pr_documentation.yml from b0f9a6e3b6aa912656cbda9f74896eb721d29421 to bcff59fca682130d2e7271ca8589911b7ac0b8bf.
Commits
bcff59ffix(kit): don't crash prerender when a provider/task has no snippet (#791)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)